<?php
class AdminAppController extends Controller{
    //var $components = array('Auth');
    public $helper = array('Admin');
    public $components = array(
		'Session',
        'Auth' => array(
            'loginAction' => array('plugin' => 'admin', 'controller'=>'users', 'action'=>'login'),
            'loginRedirect' => array('plugin' => 'admin', 'controller' => 'home', 'action' => 'index'),
            'logoutRedirect' => array('plugin' => 'admin', 'controller' => 'users', 'action' => 'login'),
			'authError' => 'You must be logged in to view this page.',
			'loginError' => 'Invalid Username or Password entered, please try again.',
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'username', 'password' => 'password')
                )
            ),
 
        ));
	
	// only allow the login controllers only
	public function beforeFilter() {
        $this->Auth->allow('login');
        
        if(!($this->request->params['controller'] == "users" && $this->request->params['action'] == "login") && $this->Auth->user('username'))
        {
            if(!$this->_isAdmin())
            {
                $this->Session->setFlash(
                                'Bạn không phải Admin',
                                'default',
                                array('class' => 'alert alert-danger')
                            ); 
                $this->redirect($this->Auth->logout());
            }
        } 
        
    }
	
	public function isAuthorized($user) {
		// Here is where we should verify the role and give access based on role
		return true;
	}
    
    function _isAdmin(){
    	$admin = FALSE;
    	if($this->Auth->user("level")==1 || $this->Auth->user("level")==2)
    	    $admin = TRUE;
	return $admin; 
}
}